How Do EHRs and a Meaningful Use Initiative Affect Breaches of Patient Information?

Given the cost of electronic health records (EHRs) to society and hospitals and the heightened concern about breaches of patient information, it is imperative to understand the risks that EHRs and the pursuit of a meaningful use (MU) initiative, apart from actual attestation of MU, may pose to the privacy of patient information. In this study, we examine how the adoption of EHRs and an MU initiative affect the occurrence of breaches of patient information. We also study whether and how EHRs and MU initiatives may increase the risk of accidental and malicious breaches of patient information. Using data from multiple sources, such as the American Hospital Association (AHA), the Healthcare Information and Management Systems Society (HIMSS) Analytic (TM) Database, and the Privacy Rights Clearinghouse (PRC), our study shows that implementing EHRs leads to a 3.081 times higher risk of a breach of patient information. This heightened risk is mostly driven by the occurrence of more accidental breaches. Although the effect of an MU initiative on the overall number of breaches is not significant, undertaking MU increases the risk of accidental breaches 1.771 times. We also found that these risks increased more among relatively larger hospitals. However, simply having more components of EHRs does not necessarily increase the risk of breaches. Overall, our findings show that breaches of patient information may be rooted in the digitized data and processes enabled by technologies such as EHRs and their usage rather than resident in the technological components themselves. We conclude that, despite recent evidence that usage of EHRS has improved the quality of healthcare, quality must go hand in hand with the protection of patient information.